Fermat's Little Theorem (1640):
For any prime p and any a, 1 ≤ a < p:


$a^{p-1} \equiv 1 \pmod{p}$


Euler's Theorem (1736):
If gcd(a, n) = 1, then


$a^{\varphi(n)} \equiv 1 \pmod{n}$,
where $\varphi(n)$ = number of x < n such that gcd(x, n) = 1.
"The problem of distinguishing prime numbers from
composite numbers and of resolving the latter into
their prime factors is known to be one of the most
important and useful in arithmetic. ...the dignity of
the science itself seems to require solution of a
problem so elegant and so celebrated."
Published The Principles of Science (1874)
Gave world's first factoring challenge:


"What two numbers multiplied together will
produce 8616460799 ? I think it unlikely that
anyone but myself will ever know."


Factored by Derrick Lehmer in 1903. (89681 × 96079)
» A marvelous new communication technology—radio
(Marconi, 1895)—enabled instantaneous
communication with remote ships and forces, but also
gave all transmitted messages to the enemy.


» Use of cryptography soars.


» Decipherment of Zimmermann Telegram by British made
American involvement in World War I inevitable.
Turing and crypto


Alan Turing (1912—1954) 


Developed foundations of theory of computability 
(1936). 

Church-Turing Thesis (model of computation doesn't 
matter). 
» Cryptography performed by
(typically, rotor) machines. 

» Work of Alan Turing and others at 
Bletchley Park, and William 
Friedman and others in the USA, on 
breaking of Axis ciphers had great 
success and immense impact. 

» Cryptanalytic effort involved 
development and use of early 
computers (Colossus). 


Still learning about Turing's contributions 
THE APPLICATIONS OF PROBABILITY TO CRYPTOGRAPHY


by A.M. Turing 
Straightforward Cryptanalytic Problems


(Declassified May 2012.) 

Claude Shannon (1916—2001)


» "Communication Theory of Secrecy Systems" Sept
1945 (Bell Labs memo, classified).

» Information-theoretic in character—proves
unbreakability of one-time pad. (Published 1949).


Kahn — The Codebreakers 


In 1967 David Kahn published 

The Codebreakers—The Story of Secret Writing. 
A monumental history of cryptography. 
NSA attempted to suppress its publication. 
70's — PK Crypto


DES - U.S. Data Encryption Standard (1976) 
DES designed at IBM; Horst Feistel supplied key
elements of design, such as ladder structure. NSA
helped, in return for keeping key size at 56 bits. (?)


Computational Complexity 
» Theory of Computational Complexity started in 1965
by Hartmanis and Stearns; expanded on by Blum,
Cook, and Karp.


» Key notions: polynomial-time reductions; 
NP-completeness. 
» Ralph Merkle, and independently Marty Hellman and
Whit Diffie, invented the notion of public-key
cryptography.

» In November 1976, Diffie and Hellman published New
Directions in Cryptography, proclaiming


“We are at the brink of a revolution in 
cryptography.” 
» Each party A also has a secret key $SK_A$ for decrypting
a received ciphertext C:


$M = SK_A(C)$


» It is easy to compute matching public/secret key pairs.


» Publishing $PK_A$ does not compromise $SK_A$! It is
computationally infeasible to obtain $SK_A$ from $PK_A$.
Each public key can thus be safely listed in a public
directory with the owner’s name.
» Idea: sign with $SK_A$; verify signature with $PK_A$.
» A produces signature $\sigma$ for message M


$\sigma = SK_A(M)$


» Given $PK_A$, M, and $\sigma$, anyone can verify validity of
signature $\sigma$ by checking:


$M = PK_A(\sigma)$


» Amazing ideas!
» But they couldn't see how to implement them...
» Security relies (in part) on inability to factor product n
of two large primes p, q.


» PK = (n, e) where n = pq and gcd(e, $\varphi(n)$) = 1
» SK = d where $de \equiv 1 \pmod{\varphi(n)}$
» Encryption/decryption (or signing/verify) are simple:


$C = PK(M) = M^e \bmod n$
$M = SK(C) = C^d \bmod n$
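
The key equations above, run end to end as an added example (not code from the original slides): textbook RSA without padding, keyed with the two factors of the 1874 challenge number quoted earlier on this page, plus Fermat's difference-of-squares search to show that whoever factors n can recompute d. The public exponent 65537, the sample message and the function names are assumptions of the example, and the factoring routine is not claimed to be Lehmer's method.

```python
from math import gcd, isqrt

JEVONS_N = 8616460799      # challenge number quoted on this page
P, Q = 89681, 96079        # its factors as given on this page

def keygen(p, q, e=65537):
    """Textbook RSA: PK = (n, e), SK = d with d*e ≡ 1 (mod phi(n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), pow(e, -1, phi)      # modular inverse (Python 3.8+)

def apply_key(x, exponent, n):
    """PK(.) and SK(.) are the same operation: one modular exponentiation."""
    if not 0 <= x < n:
        raise ValueError("value must be in [0, n)")
    return pow(x, exponent, n)

def fermat_factor(n):
    """Search a >= ceil(sqrt(n)) until a^2 - n is a square b^2; n = (a-b)(a+b).
    Assumes n is odd. Quick only when the two factors are close together."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    while True:
        b = isqrt(a * a - n)
        if b * b == a * a - n:
            return a - b, a + b
        a += 1

def demo(m=1874):                        # m: constructed sample message
    (n, e), d = keygen(P, Q)
    c = apply_key(m, e, n)               # C = M^e mod n
    sig = apply_key(m, d, n)             # sigma = SK(M)
    p2, q2 = fermat_factor(n)            # outsider's view: only n and e
    _, d_from_factors = keygen(p2, q2, e)
    return {
        "decrypts": apply_key(c, d, n) == m,        # M = C^d mod n
        "verifies": apply_key(sig, e, n) == m,      # M = PK(sigma)
        "factors": (p2, q2),
        "secret_recovered": d_from_factors == d,
    }

if __name__ == "__main__":
    print(demo())
```

The 10-digit modulus falls after a few dozen loop iterations, which is why the security statement above is about large primes.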


» Described public-key and RSA cryptosystem in his
Scientific American column, Mathematical Games

» Offered copy of RSA technical memo.

» Offered $100 to first person to break challenge
ciphertext based on 129-digit product of primes.
(Our) estimated time to solution: 40 quadrillion years


Publication of RSA memo and paper 


LCS-82 Technical Memo (April 1977) 
CACM article (Feb 1978) 


Alice and Bob (1977, in RSA paper) 



Alice and Bob now have a life of their own—they 
appear in hundreds of crypto papers, in xkcd, and 
even have their own Wikipedia page: 
[Screenshot of the Wikipedia article "Alice and Bob"]

Independent Invention of Public-Key Revealed 


In 1999 GCHQ announced that James Ellis, Clifford
Cocks, and Malcolm Williamson had invented 
public-key cryptography, the “RSA” algorithm, and 
“Diffie-Hellman key exchange” in the 1970's, before 
their invention outside. 


Loren Kohnfelder — Invention of Digital Certificates 


Towards a Practical Public-key Cryptosystem 


» Loren Kohnfelder’s B.S. thesis (MIT 1978, supervised 
by Len Adleman), proposed notion of digital 
certificate—a digitally signed message attesting to 
another party's public key. 
Theoretical Foundations of Security


» "Probabilistic Encryption" Shafi Goldwasser, Silvio 
Micali (1982) (Encryption should be randomized!) 
» "A Digital Signature Scheme Secure Against Adaptive
Chosen Message Attacks" Goldwasser, Micali, Rivest
(1988) (Uses well-defined game to define security
objective.)
The Impact of "The Turing Test" on Cryptography


» Turing (1950) asked, "Can Machines Think?"

» Proposed "indistinguishability test" as the answer:
If you can't tell a machine from a human by
conversing with it, then the machine can think.

» This model has become the paradigm for many
definitions of security in cryptography, usually under
the name "computational indistinguishability".

» Goldwasser/Micali (1984): ciphertext 
indistinguishability. 

» Blum/Micali (1982), Yao (1982): pseudorandom 
generators. 
Crypto business


World Wide Web (Sir Tim Berners-Lee, 1990) 


» Just as radio did, this new communication medium, 
the World-Wide Web, drove demand for cryptography 
to new heights. 


» Cemented transition of cryptography from primarily
military to primarily commercial.
Crypto policy


U.S. cryptography policy evolves 


» U.S. government initially tried to control and limit 
public-sector research and use of cryptography 


» Attempt to chill research via ITAR (1977) 


» MIT "Changing Nature of Information" Committee
(1981; Dertouzos, Low, Rosenblith, Deutch, Rivest, ...)


[Clipping from Science, 13 Mar 1981: "MIT Committee Seeks Cryptography Policy. Questions of who should do research on cryptography and how results should be disseminated are the first order of business"]
U.S. cryptography policy evolves


» U.S. government tried to mandate availability of all
encryption keys via "key escrow" and/or "Clipper
Chip" (1993)


» Today, US policy leans toward strong cybersecurity, 
including strong cryptography, for all information 
systems as a matter of national security. 


Attacks 


Factorization of RSA-129 (April 1994) 


» RSA-129 =


11438162575788886766923577997614661201021829 
67212423625625618429357069352457338978305971 
23563958705058989075147599290026879543541 


» Derek Atkins, Michael Graff, Arjen Lenstra,
Paul Leyland: RSA-129 =
34905295108476509491478496199038981334177646
38493387843990820577 ×
32769132993266709549961988190834461413177642
967992942539798288533

» 8 months work by about 600 volunteers from more
than 20 countries; 5000 MIPS-years.
[Image: official bank check for $100.00, dated April 22, 1994, made out to "Derek Atkins or Michael Graff or ..."]
Factoring on a Quantum Computer?
» In 1994, Peter Shor invented a fast factorization
algorithm that runs on a (hypothetical) quantum
computer and works by determining multiplicative
period of elements mod n.

» In 2001, researchers at IBM used this algorithm on a
(real) quantum computer to factor 15 = 3 × 5.


» Dark clouds on horizon for RSA? 
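
The reduction from period finding to factoring that the slide summarizes, as an added example (not from the original slides): the period is found here by classical brute force, which stands in for the quantum step and is feasible only for tiny n such as the 15 factored in 2001. Function names and the choice of bases are assumptions of the example.

```python
from math import gcd

def multiplicative_period(a, n):
    """Smallest r > 0 with a^r ≡ 1 (mod n). Brute force: the step a quantum
    computer would speed up. Requires gcd(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("a shares a factor with n; gcd(a, n) already splits n")
    x, r = a % n, 1
    while x != 1:
        x, r = x * a % n, r + 1
    return r

def factor_from_period(a, n):
    """Split n using the period of a, or return None when this base fails."""
    r = multiplicative_period(a, n)
    if r % 2:
        return None                  # odd period: no square root to take
    y = pow(a, r // 2, n)            # y^2 ≡ 1 (mod n) and y != 1
    if y == n - 1:
        return None                  # y ≡ -1: gcd gives only trivial factors
    p = gcd(y - 1, n)                # n divides (y-1)(y+1) but neither term
    return p, n // p

def useful_bases(n):
    """Bases 2..n-1 coprime to n whose period yields a nontrivial split."""
    return [a for a in range(2, n) if gcd(a, n) == 1
            and factor_from_period(a, n) is not None]

if __name__ == "__main__":
    print(multiplicative_period(7, 15), factor_from_period(7, 15))
    print(useful_bases(15))
```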
» In 1978, Rivest, Adleman, and Dertouzos asked,


"Can one compute on encrypted data,
while keeping it encrypted?"


» In 2009, Craig Gentry (Stanford, IBM) gave solution
based on use of lattices. If efficiency can be greatly
improved, could be huge implications (e.g. for cloud
computing).
» Cryptography is not the solution to all of our
cybersecurity problems, but it is an essential
component of any solution.

» Research in cryptography is a fascinating blend of 
mathematics, statistics, theoretical computer science, 
electrical engineering, and psychology. 

» While we have accomplished a lot in a few decades, 
much remains to be done. 

» Like Alice and Bob, cryptography is here to stay. 

» Turing’s influence extends beyond the breaking of
Enigma, to the proper formulation of adequate
definitions of security.


Happy Birthday, Alan Turing! 


